Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Schneider-electric Subscribe
Filtered by product Powerlogic Pm5560
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22764 1 Schneider-electric 8 Powerlogic Pm5560, Powerlogic Pm5560 Firmware, Powerlogic Pm5561 and 5 more 2021-06-23 5.0 MEDIUM 5.3 MEDIUM
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.
CVE-2021-22763 1 Schneider-electric 10 Powerlogic Pm5560, Powerlogic Pm5560 Firmware, Powerlogic Pm5561 and 7 more 2021-06-23 10.0 HIGH 9.8 CRITICAL
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.
CVE-2018-7795 1 Schneider-electric 2 Powerlogic Pm5560, Powerlogic Pm5560 Firmware 2018-11-07 4.3 MEDIUM 6.1 MEDIUM
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.